Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

If you are granted the Reader role on a folder, you may be able to access unpublished draft versions of documents in that folder. You also may be able to set security on documents and folders. This behavior is unexpected.

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 297697 - Last Review: February 27, 2007 - Revision: 2.3

You Can Access Unpublished Drafts Even Though You Have Only Been Granted a Reader Role

View products that this article applies to.
This article was previously published under Q297697

SYMPTOMS

If you are granted the Reader role on a folder, you may be able to access unpublished draft versions of documents in that folder. You also may be able to set security on documents and folders. This behavior is unexpected.
Back to the top

CAUSE

This behavior can occur if you are a member of the local Administrators group on the server.
Back to the top

RESOLUTION

If you are an administrator and you want to restrict the permissions, remove the user from the local Administrators group.
Back to the top

MORE INFORMATION

SharePoint Portal Server has a role-based security model. The following roles are available:
  • Coordinator
  • Author
  • Reader
  • Approver
  • Deny
All role memberships are scoped to the folder except for the Deny role that is set at the item level. When you remove all role members, you can configure the security membership on a folder so that no one is allowed access. You cannot reset permissions on this kind of folder because the concept of ownership that is used in the NTFS file system does not exist in SharePoint Portal Server.

To address this scenario, members of the local Administrators group are granted the non-revocable right to view and set security on every item in all workspaces on the server. These users also have the ability to add themselves to a role at the workspace level in the SharePoint Portal Server Administration Console. These users do not have permissions to check in and check out documents, unless they are explicitly granted the Author or Coordinator role on the folder.

If SharePoint Portal Server is installed on a domain controller, there is no way to recover from lockout because there is no local Administrators group on the server. For this reason, it is not recommended that you install SharePoint Portal Server on a domain controller.
Back to the top
APPLIES TO
  • Microsoft SharePoint Portal Server 2001
Back to the top
Keywords: 
kbprb kbprod2web KB297697
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting